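Which netfilter hook points does a ping to yourself pass through?
On Linux, when you run ping 127.0.0.1 -c 1 -I 127.0.0.1, how many hook points does the packet traverse?
Suppose the device has an interface with the address 10.99.99.88. When you run ping 10.99.99.88 -c 1 -I 10.99.99.88, how many hook points does the packet traverse?
An experiment settles it.
Configure the following rules on Ubuntu: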
sudo iptables -t mangle -A OUTPUT -d 127.0.0.1 -s 127.0.0.1 -j LOG --log-prefix "outputtest"
sudo iptables -t mangle -A INPUT -d 127.0.0.1 -s 127.0.0.1 -j LOG --log-prefix "inputtest"
sudo iptables -t mangle -A POSTROUTING -d 127.0.0.1 -s 127.0.0.1 -j LOG --log-prefix "postroutingtest"
sudo iptables -t mangle -A FORWARD -d 127.0.0.1 -s 127.0.0.1 -j LOG --log-prefix "forwardtest"
sudo iptables -t mangle -A PREROUTING -d 127.0.0.1 -s 127.0.0.1 -j LOG --log-prefix "preroutingtest"
sudo iptables -t mangle -A OUTPUT -d 10.99.99.88 -s 10.99.99.88 -j LOG --log-prefix "88outputtest"
sudo iptables -t mangle -A POSTROUTING -d 10.99.99.88 -s 10.99.99.88 -j LOG --log-prefix "88postroutingtest"
sudo iptables -t mangle -A PREROUTING -d 10.99.99.88 -s 10.99.99.88 -j LOG --log-prefix "88preroutingtest"
sudo iptables -t mangle -A FORWARD -d 10.99.99.88 -s 10.99.99.88 -j LOG --log-prefix "88forwardtest"
sudo iptables -t mangle -A INPUT -d 10.99.99.88 -s 10.99.99.88 -j LOG --log-prefix "88inputtest"
Run the command:
ping 10.99.99.88 -I 10.99.99.88 -c 1
PING 10.99.99.88 (10.99.99.88) from 10.99.99.88 : 56(84) bytes of data.
64 bytes from 10.99.99.88: icmp_seq=1 ttl=64 time=0.164 ms

--- 10.99.99.88 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.164/0.164/0.164/0.000 ms
Check the log:
sudo tail -f /var/log/syslog
Sep 27 18:48:21 dev-88 kernel: [5026135.109232] 88outputtestIN= OUT=lo SRC=10.99.99.88 DST=10.99.99.88 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=52678 DF PROTO=ICMP TYPE=8 CODE=0 ID=17189 SEQ=1
Sep 27 18:48:21 dev-88 kernel: [5026135.109256] 88postroutingtestIN= OUT=lo SRC=10.99.99.88 DST=10.99.99.88 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=52678 DF PROTO=ICMP TYPE=8 CODE=0 ID=17189 SEQ=1
Sep 27 18:48:21 dev-88 kernel: [5026135.109300] 88preroutingtestIN=lo OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=10.99.99.88 DST=10.99.99.88 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=52678 DF PROTO=ICMP TYPE=8 CODE=0 ID=17189 SEQ=1
Sep 27 18:48:21 dev-88 kernel: [5026135.109310] 88inputtestIN=lo OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=10.99.99.88 DST=10.99.99.88 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=52678 DF PROTO=ICMP TYPE=8 CODE=0 ID=17189 SEQ=1
Sep 27 18:48:21 dev-88 kernel: [5026135.109332] 88outputtestIN= OUT=lo SRC=10.99.99.88 DST=10.99.99.88 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=52679 PROTO=ICMP TYPE=0 CODE=0 ID=17189 SEQ=1
Sep 27 18:48:21 dev-88 kernel: [5026135.109339] 88postroutingtestIN= OUT=lo SRC=10.99.99.88 DST=10.99.99.88 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=52679 PROTO=ICMP TYPE=0 CODE=0 ID=17189 SEQ=1
Sep 27 18:48:21 dev-88 kernel: [5026135.109355] 88preroutingtestIN=lo OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=10.99.99.88 DST=10.99.99.88 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=52679 PROTO=ICMP TYPE=0 CODE=0 ID=17189 SEQ=1
Sep 27 18:48:21 dev-88 kernel: [5026135.109363] 88inputtestIN=lo OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=10.99.99.88 DST=10.99.99.88 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=52679 PROTO=ICMP TYPE=0 CODE=0 ID=17189 SEQ=1
Run the command:
ping 127.0.0.1 -I 127.0.0.1 -c 1
PING 127.0.0.1 (127.0.0.1) from 127.0.0.1 : 56(84) bytes of data.
64 bytes from 127.0.0.1: icmp_seq=1 ttl=64 time=0.115 ms

--- 127.0.0.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.115/0.115/0.115/0.000 ms
Check the log:
sudo tail -f /var/log/syslog
Sep 27 18:50:55 dev-88 kernel: [5026289.840776] outputtestIN= OUT=lo SRC=127.0.0.1 DST=127.0.0.1 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=11645 DF PROTO=ICMP TYPE=8 CODE=0 ID=17197 SEQ=1
Sep 27 18:50:55 dev-88 kernel: [5026289.840790] postroutingtestIN= OUT=lo SRC=127.0.0.1 DST=127.0.0.1 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=11645 DF PROTO=ICMP TYPE=8 CODE=0 ID=17197 SEQ=1
Sep 27 18:50:55 dev-88 kernel: [5026289.840824] preroutingtestIN=lo OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=127.0.0.1 DST=127.0.0.1 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=11645 DF PROTO=ICMP TYPE=8 CODE=0 ID=17197 SEQ=1
Sep 27 18:50:55 dev-88 kernel: [5026289.840832] inputtestIN=lo OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=127.0.0.1 DST=127.0.0.1 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=11645 DF PROTO=ICMP TYPE=8 CODE=0 ID=17197 SEQ=1
Sep 27 18:50:55 dev-88 kernel: [5026289.840848] outputtestIN= OUT=lo SRC=127.0.0.1 DST=127.0.0.1 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=11646 PROTO=ICMP TYPE=0 CODE=0 ID=17197 SEQ=1
Sep 27 18:50:55 dev-88 kernel: [5026289.840854] postroutingtestIN= OUT=lo SRC=127.0.0.1 DST=127.0.0.1 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=11646 PROTO=ICMP TYPE=0 CODE=0 ID=17197 SEQ=1
Sep 27 18:50:55 dev-88 kernel: [5026289.840884] preroutingtestIN=lo OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=127.0.0.1 DST=127.0.0.1 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=11646 PROTO=ICMP TYPE=0 CODE=0 ID=17197 SEQ=1
Sep 27 18:50:55 dev-88 kernel: [5026289.840891] inputtestIN=lo OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=127.0.0.1 DST=127.0.0.1 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=11646 PROTO=ICMP TYPE=0 CODE=0 ID=17197 SEQ=1
Capture packets on the lo interface:
sudo tcpdump -i lo -uueennvv
tcpdump: listening on lo, link-type EN10MB (Ethernet), capture size 262144 bytes
18:58:16.290163 00:00:00:00:00:00 > 00:00:00:00:00:00, ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 64, id 61641, offset 0, flags [DF], proto ICMP (1), length 84)
    10.99.99.88 > 10.99.99.88: ICMP echo request, id 17210, seq 1, length 64
18:58:16.290240 00:00:00:00:00:00 > 00:00:00:00:00:00, ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 64, id 61642, offset 0, flags [none], proto ICMP (1), length 84)
    10.99.99.88 > 10.99.99.88: ICMP echo reply, id 17210, seq 1, length 64
18:58:17.654649 00:00:00:00:00:00 > 00:00:00:00:00:00, ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 64, id 60293, offset 0, flags [DF], proto ICMP (1), length 84)
    127.0.0.1 > 127.0.0.1: ICMP echo request, id 17211, seq 1, length 64
18:58:17.654703 00:00:00:00:00:00 > 00:00:00:00:00:00, ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 64, id 60294, offset 0, flags [none], proto ICMP (1), length 84)
    127.0.0.1 > 127.0.0.1: ICMP echo reply, id 17211, seq 1, length 64
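The experiment above shows the path taken by the packets of a ping to yourself. Both addresses behave the same way: the packets leave and re-enter through lo, and no forwardtest or 88forwardtest entry is logged.
Request: --> NF_INET_LOCAL_OUT --> NF_INET_POST_ROUTING --> NF_INET_PRE_ROUTING --> NF_INET_LOCAL_IN
Reply: --> NF_INET_LOCAL_OUT --> NF_INET_POST_ROUTING --> NF_INET_PRE_ROUTING --> NF_INET_LOCAL_IN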
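
The hook paths above were read off the syslog by eye. The script below is an added example, not part of the original post, that rebuilds the same paths from the LOG lines by grouping them on the IP ID field. The function names hook_paths and sample_log are hypothetical, the prefix-to-hook mapping assumes the mangle rules configured above, and the sample input is constructed.

```shell
#!/bin/sh
# Added example: rebuild each packet's netfilter hook path from iptables LOG lines.
# The prefix-to-hook mapping assumes the mangle-table LOG rules configured above.

hook_paths() {
    # stdin: kernel log lines; stdout: one "<request|reply>: hook -> hook ..." line per packet
    awk '
    {
        hook = ""
        if      ($0 ~ /preroutingtestIN=/)  hook = "NF_INET_PRE_ROUTING"
        else if ($0 ~ /postroutingtestIN=/) hook = "NF_INET_POST_ROUTING"
        else if ($0 ~ /outputtestIN=/)      hook = "NF_INET_LOCAL_OUT"
        else if ($0 ~ /inputtestIN=/)       hook = "NF_INET_LOCAL_IN"
        else if ($0 ~ /forwardtestIN=/)     hook = "NF_INET_FORWARD"
        if (hook == "") next                # line was not produced by one of the LOG rules

        id = ""; type = ""
        for (i = 1; i <= NF; i++) {
            # the first ID= is the IP ID (constant across hooks); the second is the ICMP id
            if (id == "" && $i ~ /^ID=/) id = substr($i, 4)
            if ($i ~ /^TYPE=/) type = substr($i, 6)
        }
        if (!(id in path)) {
            order[++n] = id
            kind[id] = (type == "8") ? "request" : ((type == "0") ? "reply" : "icmp-type-" type)
            path[id] = hook
        } else {
            path[id] = path[id] " -> " hook
        }
    }
    END { for (i = 1; i <= n; i++) print kind[order[i]] ": " path[order[i]] }'
}

sample_log() {
    # Constructed sample: shortened lines in the format of the syslog output above.
    cat <<'EOF'
kernel: 88outputtestIN= OUT=lo SRC=10.99.99.88 DST=10.99.99.88 ID=52678 DF PROTO=ICMP TYPE=8 CODE=0 ID=17189 SEQ=1
kernel: 88postroutingtestIN= OUT=lo SRC=10.99.99.88 DST=10.99.99.88 ID=52678 DF PROTO=ICMP TYPE=8 CODE=0 ID=17189 SEQ=1
kernel: 88preroutingtestIN=lo OUT= SRC=10.99.99.88 DST=10.99.99.88 ID=52678 DF PROTO=ICMP TYPE=8 CODE=0 ID=17189 SEQ=1
kernel: 88inputtestIN=lo OUT= SRC=10.99.99.88 DST=10.99.99.88 ID=52678 DF PROTO=ICMP TYPE=8 CODE=0 ID=17189 SEQ=1
kernel: 88outputtestIN= OUT=lo SRC=10.99.99.88 DST=10.99.99.88 ID=52679 PROTO=ICMP TYPE=0 CODE=0 ID=17189 SEQ=1
kernel: 88postroutingtestIN= OUT=lo SRC=10.99.99.88 DST=10.99.99.88 ID=52679 PROTO=ICMP TYPE=0 CODE=0 ID=17189 SEQ=1
kernel: 88preroutingtestIN=lo OUT= SRC=10.99.99.88 DST=10.99.99.88 ID=52679 PROTO=ICMP TYPE=0 CODE=0 ID=17189 SEQ=1
kernel: 88inputtestIN=lo OUT= SRC=10.99.99.88 DST=10.99.99.88 ID=52679 PROTO=ICMP TYPE=0 CODE=0 ID=17189 SEQ=1
EOF
}

sample_log | hook_paths
```

On a live system the same function can be fed from the log directly, for example grep 'test' /var/log/syslog | hook_paths.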